Rate My Post
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-32823 | Med | 0.34 | 5.3 | 0.00 | Apr 24, 2024 | Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4. | ||
| CVE-2024-12309 | Med | 0.27 | 5.3 | 0.00 | Dec 13, 2024 | The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. This makes it possible for… | ||
| CVE-2022-4673 | 0.00 | — | 0.00 | Jan 23, 2023 | The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||
| CVE-2022-40310 | 0.00 | — | 0.00 | Sep 23, 2022 | Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes. | |||
| CVE-2022-40671 | 0.00 | — | 0.00 | Sep 23, 2022 | Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress. |
- risk 0.34cvss 5.3epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4.
- risk 0.27cvss 5.3epss 0.00
The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. This makes it possible for…
- CVE-2022-4673Jan 23, 2023risk 0.00cvss —epss 0.00
The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
- CVE-2022-40310Sep 23, 2022risk 0.00cvss —epss 0.00
Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes.
- CVE-2022-40671Sep 23, 2022risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress.